Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-13 | CVE-2025-32704 | Buffer Over-read vulnerability in Microsoft products Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 |
| 2025-05-13 | CVE-2025-32705 | Out-of-bounds Read vulnerability in Microsoft 365 Apps and Office Long Term Servicing Channel Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. | 7.8 |
| 2025-05-13 | CVE-2025-32706 | Improper Input Validation vulnerability in Microsoft products Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | 7.8 |
| 2025-05-13 | CVE-2025-32707 | Out-of-bounds Read vulnerability in Microsoft products Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | 7.8 |
| 2025-05-13 | CVE-2025-32709 | Use After Free vulnerability in Microsoft products Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 |
| 2025-05-13 | CVE-2025-21264 | Files or Directories Accessible to External Parties vulnerability in Microsoft Visual Studio Code Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | 7.1 |
| 2025-05-13 | CVE-2025-24063 | Heap-based Buffer Overflow vulnerability in Microsoft products Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 |
| 2025-05-13 | CVE-2025-26677 | Resource Exhaustion vulnerability in Microsoft products Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | 7.5 |
| 2025-05-13 | CVE-2025-27468 | Improper Privilege Management vulnerability in Microsoft products Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | 7.0 |
| 2025-05-13 | CVE-2025-29826 | Improper Handling of Insufficient Permissions or Privileges vulnerability in Microsoft Dataverse Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | 8.8 |